AWS CLI/AWS Tools for PowerShell -- having trouble getting TLS 1.2 connection to S3 bucket

Hello!

We have two servers installed in a local colo -- each runs a PowerShell script that compresses backup files and pushes them to an S3 bucket. The application I was previously using to push the files to S3 didn't support TLS 1.2. So, I updated that part of the PowerShell script to use AWS CLI/AWS Tools for PowerShell/AWS S3 Module to upload the files to S3.

When I look at the server access logs generated by the receiving S3 bucket, it looks like files transferred from one of the servers (Windows Server 2019) are completed using TLS 1.2. However, files transferred from the other server (Windows Server 2012 R2) are completed using TLS 1 (actual text is "s3.amazonaws.com TLSv1 - -").

The only difference I can think of is the Windows Server version. PowerShell on the WS2012R2 server was updated to 5.1.14409.1005 (CLRVersion 4.0.30319.42000).

Any idea what I could be overlooking? Is there something I need to do to force PS on WS2012R2 to use TLS 1.2? I realize there is a 6/28/2023 deadline -- any guidance is greatly appreciated!

EDIT: Based on Ivan's response, just wanted to add that the server in question is running .NET 4.8.03761 (release 528049).

Thank you!

1 Answer
Accepted Answer

Yes, you can indeed force PowerShell to use TLS 1.2. PowerShell, by default, may not use the latest version of TLS, so you may have to explicitly specify that you want to use TLS 1.2. This can be done by adding the following command at the beginning of your PowerShell script:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

The above line of code sets the default security protocol to TLS 1.2.

Another important aspect to consider is the .NET Framework version installed on the Windows Server 2012 R2. You should ensure that .NET Framework 4.5 or later is installed, because TLS 1.1 and TLS 1.2 are not supported in versions prior to .NET Framework 4.5.

Also, keep in mind that even though you've updated PowerShell, the underlying .NET Framework could still be an older version. It's possible to have newer versions of PowerShell running on top of older versions of .NET Framework. Therefore, you might need to update .NET Framework on your Windows Server 2012 R2.

Please try the suggested approach, and let me know if it solves your issue.

EXPERT
answered a year ago
EXPERT
reviewed a month ago
  • YES! That seems to have done the trick as the log file from this morning's upload specifically indicates "TLSv1.2". Thanks very much, Ivan!
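
A preflight check for the top of the upload script, as an added example that is not part of the original question or answer: it reads the installed .NET Framework release, adds TLS 1.2 to the session's protocols, and stops before the upload if TLS 1.2 is not enabled. The function name `Test-Tls12Readiness` is hypothetical, and the code assumes Windows PowerShell 5.1 running on .NET Framework 4.x.

```powershell
# Added example: preflight for an S3 upload script (function name is hypothetical).
function Test-Tls12Readiness {
    [CmdletBinding()]
    param()

    # .NET Framework 4.x records its build in the "Release" registry value;
    # 378389 is the value for 4.5, the first version that supports TLS 1.1/1.2.
    $ndpKey  = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $release = (Get-ItemProperty -Path $ndpKey -Name Release -ErrorAction SilentlyContinue).Release
    $netOk   = ($null -ne $release) -and ($release -ge 378389)

    # Registry values that influence the default protocols of .NET Framework 4.x
    # applications that do not set SecurityProtocol themselves (reported only).
    $fxKey = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'
    $fx    = Get-ItemProperty -Path $fxKey -ErrorAction SilentlyContinue

    $before = [Net.ServicePointManager]::SecurityProtocol

    # Add TLS 1.2 to whatever is already enabled for this session. The answer's
    # plain assignment replaces the whole set; both leave Tls12 enabled.
    if ($netOk) {
        [Net.ServicePointManager]::SecurityProtocol = $before -bor [Net.SecurityProtocolType]::Tls12
    }
    $after = [Net.ServicePointManager]::SecurityProtocol

    [pscustomobject]@{
        DotNetRelease            = $release
        DotNetSupportsTls12      = $netOk
        SchUseStrongCrypto       = $fx.SchUseStrongCrypto
        SystemDefaultTlsVersions = $fx.SystemDefaultTlsVersions
        ProtocolsBefore          = $before
        ProtocolsAfter           = $after
        Tls12Enabled             = $after.HasFlag([Net.SecurityProtocolType]::Tls12)
    }
}

# Run the check first and fail closed rather than uploading over an older protocol.
$check = Test-Tls12Readiness
$check | Format-List
if (-not $check.Tls12Enabled) {
    throw 'TLS 1.2 is not enabled for this session; stopping before the S3 upload.'
}
```

The negotiated version can still be confirmed afterwards in the bucket's server access logs, as described in the question.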
